Add cachix binary cache publish step to release (#3759)

This change will push K to the k-framework-binary cachix cache and pin
it to the commit hash.

.github/workflows/master-push.yml

@@ -5,62 +5,9 @@ on:
       - master
 
 jobs:
-
-  nix-flake-release:
-    name: 'Nix flake release'
-    strategy:
-      matrix:
-        include:
-          - runner: ubuntu-20.04
-            os: ubuntu-20.04
-          - runner: macos-13
-            os: macos-13
-          - runner: MacM1
-            os: self-macos-12
-    runs-on: ${{ matrix.runner }}
-    timeout-minutes: 60
-    steps:
-      - name: 'Check out code'
-        uses: actions/checkout@v3
-
-      - name: 'Upgrade bash'
-        if: ${{ contains(matrix.os, 'macos') }}
-        run: brew install bash
-
-      - name: 'Install Nix'
-        if: ${{ !startsWith(matrix.os, 'self') }}
-        uses: cachix/install-nix-action@v22
-        with:
-          install_url: https://releases.nixos.org/nix/nix-2.13.3/install
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-            substituters = http://cache.nixos.org https://hydra.iohk.io
-            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=
-
-      - name: 'Install Cachix'
-        if: ${{ !startsWith(matrix.os, 'self') }}
-        uses: cachix/cachix-action@v12
-        with:
-          name: k-framework
-          authToken: '${{ secrets.CACHIX_PUBLIC_TOKEN }}'
-          skipPush: true
-
-      - name: 'Build and cache K Framework'
-        uses: workflow/nix-shell-action@v3
-        env:
-          GC_DONT_GC: 1
-          CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PUBLIC_TOKEN }}'
-        with:
-          packages: jq
-          script: |
-            k=$(nix build .#k --json | jq -r '.[].outputs | to_entries[].value')
-            drv=$(nix-store --query --deriver ${k})
-            nix-store --query --requisites --include-outputs ${drv} | cachix push k-framework
-
   gh-release:
     name: 'Publish GitHub Prerelease'
     runs-on: ubuntu-latest
-    needs: nix-flake-release
     steps:
       - name: 'Check out code'
         uses: actions/checkout@v3

.github/workflows/release.yml

@@ -43,17 +43,25 @@ jobs:
           cd ${CURDIR}
           gh release upload --repo runtimeverification/k --clobber v${version} ${tarball}
 
-  nix-release:
-    name: 'Nix Release'
-    runs-on: ubuntu-20.04
-    environment: production
+  cachix-release:
+    name: 'k-framework-binary cachix release'
+    strategy:
+      matrix:
+        include:
+          - runner: ubuntu-20.04
+            os: ubuntu-20.04
+          - runner: macos-13
+            os: macos-13
+          - runner: MacM1
+            os: self-macos-12
+    runs-on: ${{ matrix.runner }}
+    timeout-minutes: 60
     steps:
-      - name: Check out code
+      - name: 'Check out code'
         uses: actions/checkout@v3
-        with:
-          submodules: recursive
 
-      - name: Install Nix
+      - name: 'Install Nix'
+        if: ${{ !startsWith(matrix.os, 'self') }}
         uses: cachix/install-nix-action@v22
         with:
           install_url: https://releases.nixos.org/nix/nix-2.13.3/install
@@ -62,10 +70,24 @@ jobs:
             substituters = http://cache.nixos.org https://hydra.iohk.io
             trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=
 
-      - name: Upload release.nix
-        uses: runtimeverification/[email protected]
+      - name: 'Install Cachix'
+        if: ${{ !startsWith(matrix.os, 'self') }}
+        uses: cachix/cachix-action@v12
+
+      - name: 'Publish K to k-framework-binary cache'
+        uses: workflow/nix-shell-action@v3
+        env:
+          CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PRIVATE_KFB_TOKEN }}'
+          GC_DONT_GC: '1'
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          packages: jq
+          script: |
+            export PATH="$(nix build github:runtimeverification/kup --no-link --json | jq -r '.[].outputs | to_entries[].value')/bin:$PATH"
+            kup publish k-framework-binary .#k --keep-days 180
+            kup publish k-framework-binary .#k.openssl --keep-days 180
+            kup publish k-framework-binary .#k.procps --keep-days 180
+            kup publish k-framework-binary .#k.openssl.procps --keep-days 180
+            kup publish k-framework-binary .#k.procps.openssl --keep-days 180
 
   ubuntu-jammy:
     name: 'K Ubuntu Jammy Package'
@@ -315,7 +337,7 @@ jobs:
     name: 'Publish Release'
     runs-on: [self-hosted, linux, normal]
     environment: production
-    needs: [nix-release, macos-build, macos-test, source-tarball, ubuntu-jammy, set-release-id]
+    needs: [cachix-release, macos-build, macos-test, source-tarball, ubuntu-jammy, set-release-id]
     steps:
       - name: 'Check out code'
         uses: actions/checkout@v3

.github/workflows/test-pr.yml

@@ -226,9 +226,19 @@ jobs:
         with:
           name: k-framework
           authToken: '${{ secrets.CACHIX_PUBLIC_TOKEN }}'
+          skipPush: true
 
-      - name: 'Build K Framework'
-        run: GC_DONT_GC=1 nix build --print-build-logs .
+      - name: 'Build K Framework and push build time dependencies to cachix'
+        env:
+          CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PUBLIC_TOKEN }}'
+          NIX_PATH: 'nixpkgs=http://nixos.org/channels/nixos-22.05/nixexprs.tar.xz'
+          GC_DONT_GC: '1'
+        run: |
+          nix --version
+          export JQ=$(nix-build '<nixpkgs>' -A jq --no-link)/bin/jq
+          k=$(nix build . --print-build-logs --json | $JQ -r '.[].outputs | to_entries[].value')
+          drv=$(nix-store --query --deriver ${k})
+          nix-store --query --requisites ${drv} | cachix push k-framework
 
       - name: 'Smoke test K'
         run: GC_DONT_GC=1 nix build --print-build-logs .#smoke-test